Building Custom KQL Analytics Rules in Sentinel
In this post I explore using Sentinel to detect, and respond to threats using custom analytics rules using Kusto Query Language (KQL). This allows you to tailor threat detection to your organization’s specific needs, ensuring that no threat goes unnoticed and tuning the detections to exclude low value and noisy results that clutter up the incident queue.